How secure is the ATA encrypted disk?

Chris Kuethe chris.kuethe at gmail.com
Thu May 26 01:33:17 EDT 2005 

On 4/8/05, James A. Donald <jamesd at echeque.com> wrote:
>     --
> Every ATA disk contains encryption firmware, though not
> all bioses allow you to use it.

Not all drives contain this "encryption" firmware, which isn't
actually encryption firmware. It's more of a login feature. You have
to send the drive the password before you can do any real I/O.

$ sudo atactl wd0
Model: HMS360404D5CF00, Rev: DN4SCA2A, Serial #:             N2L7G5HA
Device type: ATA, fixed
Cylinders: 7936, heads: 16, sec/track: 63, total sectors: 7999488
Device capabilities:
        IORDY operation
        IORDY disabling
Device supports the following standards:
ATA-1 ATA-2 ATA-3 ATA-4 
Device supports the following command sets:
        NOP command
        READ BUFFER command
        WRITE BUFFER command
        Read look-ahead
        Write cache
        Power Management feature set
        Flush Cache command
        Advanced Power Management feature set
        CFA feature set
Device has enabled the following command sets/features:
        NOP command
        READ BUFFER command
        WRITE BUFFER command
        Read look-ahead
        Write cache
        Power Management feature set
        Flush Cache command
        Advanced Power Management feature set
        CFA feature set


# sudo atactl wd0
Model: SAMSUNG MP0804H, Rev: UE100-14, Serial #: S042J10Y241522
Device type: ATA, fixed
Cylinders: 16383, heads: 16, sec/track: 63, total sectors: 156368016
Device capabilities:
        ATA standby timer values
        IORDY operation
        IORDY disabling
Device supports the following standards:
ATA-1 ATA-2 ATA-3 ATA-4 ATA-5 ATA-6 ATA-7 
Master password revision code 0xfffe
Device supports the following command sets:
        READ BUFFER command
        WRITE BUFFER command
        Host Protected Area feature set
        Read look-ahead
        Write cache
        Power Management feature set
        Security Mode feature set
        SMART feature set
        Flush Cache Ext command
        Flush Cache command
        Device Configuration Overlay feature set
        48bit address feature set
        Automatic Acoustic Management feature set
        Set Max security extension commands
        Advanced Power Management feature set
        DOWNLOAD MICROCODE command
        SMART self-test
        SMART error logging
Device has enabled the following command sets/features:
        READ BUFFER command
        WRITE BUFFER command
        Host Protected Area feature set
        Read look-ahead
        Write cache
        Power Management feature set
        SMART feature set
        Flush Cache Ext command
        Flush Cache command
        Device Configuration Overlay feature set
        48bit address feature set
        DOWNLOAD MICROCODE command

-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list